Ouverture mauvaise fenêtre sur google

Résolu
yomenp Messages postés 78 Statut Membre -  
yomenp Messages postés 78 Statut Membre -
Bonjour,

Lorsque j'effectue une recherche sur GOOGLE, la page de résultat
apparaît (jusque là normal).
Cependant lorsque je clique sur un résultat, une fenêtre totalement
différente du résultat affiché s'ouvre (souvent sur http://www.luckyresults.com/7398/search.php?keyword=gm%20canada&sid=2a8d78e0b3250c0f494329cad26ded1f&cid=BPO"")et sur (pub.ezanga.com et autres) Je suis donc obligé de cliquer sur précédent et
je re-cliquer sur le résultat (et ce à plusieurs reprises) pour
atteindre le résltat choisi mais souvent échouer.

Comment dois-je procéder pour parvenir à la page souhaitée au premier
essai ???
je vous laisse un mon hijackthis j'ai fait avant un spybot destroy et un ccleaner .

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15, on 2009-12-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\User\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-18 Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - https://www.costcophotocentre.ca/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe

--
End of file - 7927 bytes

Merci de votre aide !!!
Configuration: Windows XP Internet Explorer 6.0

48 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Des redirections apparaissent lors de l'ouverture des résultats Google, une fenêtre mène vers des domaines comme luckyresults.com ou pub.ezanga.com, ce qui empêche d'accéder directement à la page souhaitée. Des outils de sécurité et de nettoyage ont été utilisés (HijackThis, Spybot, CCleaner), et la discussion souligne l'importance de partager le rapport complet pour identifier les composants malveillants. Pour résoudre, il est conseillé d'analyser le fichier de log, de vérifier les éléments BHO et les programmes au démarrage, puis d'éliminer les éléments suspects et de scanner avec un antivirus. En cas de persistance, il peut être nécessaire de vérifier les paramètres du navigateur et les extensions, ainsi que les services et les tâches planifiées, car certains composants peuvent se rétablir après nettoyage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. yomenp Messages postés 78 Statut Membre
     
    **UP** a l aide merci
    0
  2. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut yomenp

    Rien de suspect, télécharge RSIT (de random/random) sur le bureau ici :
    http://images.malwareremoval.com/random/RSIT.exe

    - Double clique sur RSIT.exe qui est sur le bureau
    - Clique sur Continue dans la fenêtre
    - RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
    - Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse

    Les rapports sont dans le dossier ici C:\rsit

    @++ :)
    0
  3. yomenp Messages postés 78 Statut Membre
     
    merci de ton aide voici le rapport et un peu plus ....

    ======List of files/folders created in the last 1 months======

    2009-12-26 21:28:47 ----D---- C:\rsit
    2009-12-26 20:14:38 ----D---- C:\Program Files\Trend Micro
    2009-12-26 14:08:48 ----D---- C:\Program Files\MyDSC2
    2009-12-26 14:06:53 ----D---- C:\Program Files\Common Files\ArcSoft
    2009-12-26 14:01:18 ----D---- C:\Program Files\ArcSoft
    2009-12-26 14:01:18 ----A---- C:\WINDOWS\PCDLIB32.DLL
    2009-12-26 13:50:28 ----HDC---- C:\WINDOWS\$NtUninstallwinusb0100$
    2009-12-26 13:50:09 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
    2009-12-26 13:49:34 ----D---- C:\Program Files\MP3 Player Utilities 4.19
    2009-12-25 21:00:16 ----D---- C:\Program Files\ma-config.com
    2009-12-25 20:49:20 ----D---- C:\Program Files\Common Files\Logitech
    2009-12-25 15:13:37 ----DC---- C:\WINDOWS\$NtUninstallKB969947$
    2009-12-25 14:22:10 ----D---- C:\Documents and Settings\User\Application Data\ArcSoft
    2009-12-23 21:13:48 ----D---- C:\Documents and Settings\User\Application Data\Sony Corporation
    2009-12-23 21:01:50 ----D---- C:\Program Files\Sony
    2009-12-23 21:00:42 ----D---- C:\Documents and Settings\User\Application Data\InstallShield
    2009-12-20 19:51:31 ----N---- C:\WINDOWS\UNNeroShowTime.exe
    2009-12-18 11:34:37 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2009-12-06 19:58:09 ----D---- C:\Program Files\Panda Security

    ======List of files/folders modified in the last 1 months======

    2009-12-26 20:14:38 ----RD---- C:\Program Files
    2009-12-26 18:30:27 ----D---- C:\WINDOWS\Temp
    2009-12-26 15:22:34 ----D---- C:\WINDOWS\system32\drivers
    2009-12-26 15:22:33 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-12-26 15:22:24 ----D---- C:\WINDOWS\system32
    2009-12-26 15:21:17 ----D---- C:\WINDOWS
    2009-12-26 15:03:33 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-12-26 14:50:48 ----D---- C:\WINDOWS\twain_32
    2009-12-26 14:36:55 ----D---- C:\Program Files\meteo
    2009-12-26 14:26:35 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-12-26 14:26:32 ----D---- C:\WINDOWS\system32\DirectX
    2009-12-26 14:23:39 ----SHD---- C:\WINDOWS\Installer
    2009-12-26 14:23:39 ----D---- C:\Config.Msi
    2009-12-26 14:09:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-12-26 14:08:56 ----HD---- C:\WINDOWS\inf
    2009-12-26 14:08:56 ----D---- C:\WINDOWS\system32\CatRoot
    2009-12-26 14:08:52 ----A---- C:\WINDOWS\win.ini
    2009-12-26 14:08:48 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-12-26 14:06:53 ----D---- C:\Program Files\Common Files
    2009-12-25 21:00:16 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2009-12-25 20:51:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-12-25 15:49:41 ----D---- C:\WINDOWS\system32\config
    2009-12-25 15:49:36 ----D---- C:\WINDOWS\system32\wbem
    2009-12-25 15:49:36 ----D---- C:\WINDOWS\Registration
    2009-12-25 15:49:16 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-12-25 12:59:09 ----D---- C:\Documents and Settings\User\Application Data\XnView
    2009-12-25 12:22:20 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-12-24 16:33:37 ----HD---- C:\WINDOWS\$hf_mig$
    2009-12-23 22:22:10 ----D---- C:\WINDOWS\Minidump
    2009-12-23 14:33:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-12-23 14:09:17 ----D---- C:\Program Files\AnvSoft
    2009-12-23 13:42:38 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2009-12-23 09:57:20 ----D---- C:\Documents and Settings\User\Application Data\Vso
    2009-12-20 19:51:30 ----D---- C:\Program Files\Common Files\Ahead
    2009-12-20 19:51:29 ----D---- C:\Program Files\Ahead
    2009-12-18 18:09:01 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2009-12-18 18:08:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-12-18 16:04:42 ----D---- C:\WINDOWS\WinSxS

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
    R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
    R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
    R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-05-21 96328]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-03 9600]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-22 1166972]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-07-28 47360]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
    R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-09-11 22792]
    R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-09-11 35592]
    R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-09-11 66056]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 FINEPIX_PCC;FinePix Digital Camera 020815; C:\WINDOWS\System32\Drivers\V4CB0119.SYS [2002-05-07 81700]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 SBRE;SBRE; C:\WINDOWS\system32\drivers\SBRE.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2007-04-16 37248]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-09-11 14984]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-11-02 76672]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-11-02 82560]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
    R2 ServicepointService;ServicepointService; C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe [2009-10-09 578800]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
    S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S4 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2008-07-09 26488]
    S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

    -----------------EOF-----------------
    0
  4. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut yomenp

    Manque la moitié du rapport, faut posté le rapport au complet.

    @++ :)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. yomenp Messages postés 78 Statut Membre
     
    ok dsl

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by User at 2009-12-26 21:28:47
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 2 GB (3%) free of 51 GB
    Total RAM: 1015 MB (34% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:28, on 2009-12-26
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\User\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4DA7CH23\RSIT[1].exe
    C:\Program Files\Trend Micro\HijackThis\User.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe" /AUTORUN
    O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
    O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\User\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - S-1-5-18 Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')
    O4 - Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
    0
  7. yomenp Messages postés 78 Statut Membre
     
    suite
    info.txt logfile of random's system information tool 1.06 2009-12-26 21:28:50

    ======Uninstall list======

    -->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x040c /removeonly /uninstall -removeonly
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
    Adobe Reader 9.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
    ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5863B6EF-76D0-4FF8-AA2F-EEBE7CC49DAA}\setup.exe" -l0x40c
    ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5339885F-4597-4343-BD3B-74280CC79424}\setup.exe" -l0x40c
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
    CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
    EA SPORTS online 2005-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
    Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
    ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
    ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
    ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
    ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
    ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
    ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
    ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
    essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
    essvcpt-->MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
    ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
    ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
    EVEREST Ultimate Edition v5.01-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    FinePixViewer Ver.3.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
    FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
    HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
    HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
    ImageMixer VCD for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
    J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
    LimeWire PRO 4.10.9-->"C:\Program Files\LimeWire\uninstall.exe"
    Logiciel Kodak EasyShare-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140007_39ae9\Setup.exe /APR-REMOVE
    Ma-Config.com-->MsiExec.exe /X{18754BA4-4F0C-4E6E-888B-9496AFA05F43}
    Madden NFL 08-->C:\Program Files\EA Sports\Madden NFL 08\EAUninstall.exe
    Madden NFL 2005-->C:\Program Files\EA SPORTS\Madden NFL 2005\EAUninstall.exe
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office XP Web Components-->MsiExec.exe /I{9026040C-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
    Monopoly-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu"
    MP3 Player Utilities 4.19-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
    MP3_98driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{366D4883-DC0B-43A2-9EFE-CAE93B6ABD8A}\Setup.exe"
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
    Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x040c /removeonly -removeonly
    MVP Baseball 2003-->C:\Program Files\EA SPORTS\MVP Baseball 2003\EAUninstall.exe
    MyDSC2-->C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\setup.exe -runfromtemp -l0x0009 -removeonly
    Need For Speed High Stakes-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Electronic Arts\Need For Speed High Stakes\Uninst.isu" -c"C:\Program Files\Electronic Arts\Need For Speed High Stakes\uninst.dll" E
    Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
    Nero ShowTime CE-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NHL™ 09-->MsiExec.exe /X{827B97A9-B347-4110-9F89-37AF2B758F94}
    Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
    OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
    OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
    OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Paragon Partition Manager 8.5 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}\Setup.exe" -l0x9
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Security Advisor-->MsiExec.exe /I{809B9368-87AE-4F56-9743-FB16C99C2038}
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
    SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
    SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
    SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
    Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c uninstall -removeonly
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Tiger Woods PGA TOUR 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FDD9D12-46C9-4156-A4A0-55297B9498CA}\Setup.exe" -l0x40c uninstallme
    Videotron Service Agent 3.0.21-->"C:\Program Files\Videotron\Videotron Service Agent\unins000.exe"
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
    XnView 1.95.4-->"C:\Program Files\XnViewphoto\unins000.exe"

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: avast! antivirus 4.8.1351 [VPS 091226-1]

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
    "PROCESSOR_REVISION"=0f02
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------
    0
  8. yomenp Messages postés 78 Statut Membre
     
    ups a l'aide
    0
  9. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut yomenp

    On va creuser un peu plus

    Télécharge combofix.exe (de sUBs) sur le bureau :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

    Important Désactive ton Antivirus et antispyware avant le scan avec Combofix :
    https://forum.pcastuces.com/default.asp

    ==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

    Double clique sur combofix.exe, clique sur OUI et valide par Entrée

    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure

    @++ :)
    0
  10. yomenp Messages postés 78 Statut Membre
     
    impossible comme tu m as dit Désactive ton Antivirus et antispyware c est fait toujours le même message

    you cannot remame combofix as combofix
    please use another name ,preferbaly made up of alphanumeric characters

    j ai juste fait comme tu m'as dit pourtant .
    0
  11. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut yomenp

    Faire un clic droit sur ce lien :

    http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

    Pour Internet Explorer

    - Choisi Enregistrer la cible sous ...

    Pour Firefox

    - Choisi Enregistrer la cible du lien sous...

    - Choisi le bureau comme lieu d'enregistrement

    - Donne lui ce nom bibite.exe clique sur [b]Enregistrer[/b]

    Continu le reste de la procédure

    @++ :)
    0
  12. yomenp Messages postés 78 Statut Membre
     
    merci voici le rapport de combixfix ou de bibite.exe

    ComboFix 09-12-26.02 - User 2009-12-26 23:25:09.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.636 [GMT -5:00]
    Running from: c:\documents and settings\User\Desktop\bibite.exe
    AV: avast! antivirus 4.8.1351 [VPS 091226-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\User\Application Data\inst.exe

    c:\windows\system32\DRIVERS\atapi.sys . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
    .

    2009-12-27 04:08 . 2009-12-27 04:08 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2009-12-27 04:08 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-27 04:08 . 2009-12-27 04:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-27 04:08 . 2009-12-27 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-27 04:08 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-27 02:28 . 2009-12-27 02:28 -------- d-----w- C:\rsit
    2009-12-27 01:14 . 2009-12-27 01:14 -------- d-----w- c:\program files\Trend Micro
    2009-12-26 19:34 . 2009-12-26 19:34 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\MétéoMédia
    2009-12-26 19:08 . 2007-04-16 22:40 37248 ----a-w- c:\windows\system32\drivers\Capt905c.sys
    2009-12-26 19:08 . 2007-04-09 19:54 25216 ----a-w- c:\windows\system32\drivers\Camd905c.sys
    2009-12-26 19:08 . 2009-12-26 19:16 -------- d-----w- c:\program files\MyDSC2
    2009-12-26 19:06 . 2009-12-26 19:06 -------- d-----w- c:\program files\Common Files\ArcSoft
    2009-12-26 19:03 . 2006-11-10 20:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
    2009-12-26 19:01 . 2009-12-26 19:06 -------- d-----w- c:\program files\ArcSoft
    2009-12-26 19:01 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
    2009-12-26 18:50 . 2009-12-26 18:50 766 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
    2009-12-26 18:50 . 2009-12-26 18:50 2550 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_D0047288301C30DA811A0F.exe
    2009-12-26 18:50 . 2009-12-26 18:50 1518 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_C27BEE651C3EE1EF20AB6A.exe
    2009-12-26 18:50 . 2009-12-26 18:50 1078 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F42A717ADAEB1EE8514FB3.exe
    2009-12-26 18:50 . 2009-12-26 18:50 1078 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_EB66B5A478AF14DB51B289.exe
    2009-12-26 18:50 . 2009-12-26 18:50 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_55A1FAE66E55A8BC1BE320.exe
    2009-12-26 18:49 . 2009-12-26 18:49 -------- d-----w- c:\program files\MP3 Player Utilities 4.19
    2009-12-26 18:03 . 2009-12-26 18:03 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
    2009-12-26 02:00 . 2009-12-26 02:00 -------- d-----w- c:\program files\ma-config.com
    2009-12-26 01:52 . 2009-12-26 01:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Logitech
    2009-12-26 01:49 . 2004-08-04 03:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2009-12-26 01:49 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2009-12-26 01:49 . 2009-12-26 02:23 -------- d-----w- c:\program files\Common Files\Logitech
    2009-12-25 20:49 . 2009-12-25 20:49 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-12-25 19:22 . 2009-12-25 20:48 -------- d-----w- c:\documents and settings\User\Application Data\ArcSoft
    2009-12-24 02:13 . 2009-12-24 02:13 -------- d-----w- c:\documents and settings\User\Application Data\Sony Corporation
    2009-12-24 02:01 . 2009-12-24 02:08 -------- d-----w- c:\program files\Sony
    2009-12-24 02:01 . 2009-12-24 02:01 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
    2009-12-24 02:00 . 2009-12-24 02:00 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield
    2009-12-21 00:51 . 2005-08-24 12:46 3006464 ------w- c:\windows\UNNeroShowTime.exe
    2009-12-18 16:34 . 2009-12-18 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2009-12-07 00:58 . 2009-12-26 20:22 -------- d-----w- c:\program files\Panda Security

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-26 19:36 . 2008-04-16 01:52 -------- d-----w- c:\program files\meteo
    2009-12-26 19:08 . 2007-09-21 20:33 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-26 02:00 . 2009-04-30 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
    2009-12-25 20:49 . 2008-01-11 02:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-25 17:59 . 2009-01-01 14:57 -------- d-----w- c:\documents and settings\User\Application Data\XnView
    2009-12-23 19:33 . 2008-09-05 19:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-12-23 19:09 . 2009-07-28 20:36 -------- d-----w- c:\program files\AnvSoft
    2009-12-23 18:42 . 2007-09-23 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-12-23 14:57 . 2009-07-29 00:47 -------- d-----w- c:\documents and settings\User\Application Data\Vso
    2009-12-21 00:51 . 2009-10-13 13:52 -------- d-----w- c:\program files\Common Files\Ahead
    2009-12-21 00:51 . 2009-05-09 19:17 -------- d-----w- c:\program files\Ahead
    2009-12-18 23:09 . 2007-09-24 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-10-30 20:30 . 2009-10-30 20:30 -------- d-----w- c:\program files\Radialpoint
    2009-10-30 20:30 . 2009-10-30 20:30 -------- d-----w- c:\documents and settings\User\Application Data\Videotron
    2009-10-30 20:30 . 2009-10-30 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
    2009-10-30 20:29 . 2009-10-30 20:29 -------- d-----w- c:\program files\Videotron
    2009-10-30 20:29 . 2009-10-30 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Videotron
    2009-10-06 16:16 . 2007-09-23 21:41 43136 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2007-12-15 21:31 . 2007-12-15 21:30 48 --sh--w- c:\windows\SA6C648CD.tmp
    .

    ------- Sigcheck -------

    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
    [-] 2004-08-04 01:07 . FA1465976CC19BA6FCBF0A780CEA7AA0 . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-23 68856]
    "WeatherEye"="c:\documents and settings\User\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-10-27 718232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-23 77824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
    "VideotronSA.exe"="c:\program files\Videotron\Videotron Service Agent\VideotronSA.exe" [2009-10-09 3376368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

    c:\documents and settings\User\Start Menu\Programs\Startup\
    Outil de d‚tection de support PMB.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-23 333088]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
    backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
    backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logiciel Kodak EasyShare.lnk
    backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2007-03-01 14:37 2321600 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    2007-05-22 03:46 1369288 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2004-08-04 01:07 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-09-23 21:11 77824 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    2002-02-05 02:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
    2006-07-13 11:12 729088 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2006-12-19 01:34 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2008-08-18 22:41 1832272 ----a-w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 06:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-09-23 21:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    2004-06-03 08:51 172032 ----a-w- c:\program files\Microsoft IntelliType Pro\type32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "spupdsvc"=2 (0x2)
    "xmlprov"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "WudfSvc"=3 (0x3)
    "wuauserv"=2 (0x2)
    "wscsvc"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "WmiApSrv"=3 (0x3)
    "Wmi"=3 (0x3)
    "WmdmPmSN"=3 (0x3)
    "winmgmt"=2 (0x2)
    "WebClient"=2 (0x2)
    "W32Time"=2 (0x2)
    "VSS"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "UPS"=3 (0x3)
    "upnphost"=3 (0x3)
    "TrkWks"=2 (0x2)
    "Themes"=2 (0x2)
    "TermService"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "SwPrv"=3 (0x3)
    "stisvc"=2 (0x2)
    "SSDPSRV"=3 (0x3)
    "srservice"=2 (0x2)
    "Spooler"=2 (0x2)
    "ShellHWDetection"=2 (0x2)
    "SharedAccess"=2 (0x2)
    "SENS"=2 (0x2)
    "seclogon"=2 (0x2)
    "Schedule"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "SamSs"=2 (0x2)
    "RSVP"=3 (0x3)
    "RemoteRegistry"=2 (0x2)
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)
    "RasAuto"=3 (0x3)
    "ProtectedStorage"=2 (0x2)
    "PolicyAgent"=2 (0x2)
    "PlugPlay"=2 (0x2)
    "ose"=3 (0x3)
    "NtmsSvc"=3 (0x3)
    "NtLmSsp"=3 (0x3)
    "NMIndexingService"=3 (0x3)
    "Nla"=3 (0x3)
    "Netman"=3 (0x3)
    "Netlogon"=3 (0x3)
    "NBService"=3 (0x3)
    "MSIServer"=3 (0x3)
    "MSDTC"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "LmHosts"=2 (0x2)
    "lanmanworkstation"=2 (0x2)
    "lanmanserver"=2 (0x2)
    "KodakCCS"=3 (0x3)
    "ImapiService"=3 (0x3)
    "IDriverT"=3 (0x3)
    "HTTPFilter"=3 (0x3)
    "helpsvc"=2 (0x2)
    "gusvc"=3 (0x3)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "EventSystem"=3 (0x3)
    "Eventlog"=2 (0x2)
    "ERSvc"=2 (0x2)
    "Dnscache"=2 (0x2)
    "dmserver"=2 (0x2)
    "dmadmin"=3 (0x3)
    "Dhcp"=2 (0x2)
    "CryptSvc"=2 (0x2)
    "COMSysApp"=3 (0x3)
    "CiSvc"=3 (0x3)
    "Browser"=2 (0x2)
    "BITS"=2 (0x2)
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    "avast! Antivirus"=2 (0x2)
    "AudioSrv"=2 (0x2)
    "aswUpdSv"=2 (0x2)
    "AppMgmt"=3 (0x3)
    "ALG"=3 (0x3)
    "WLSetupSvc"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\EA SPORTS\\Madden NFL 08\\Updater.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Videotron\\Videotron Service Agent\\ServicepointService.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2518:UDP"= 2518:UDP:Windows Media Format SDK (iexplore.exe)
    "2519:UDP"= 2519:UDP:Windows Media Format SDK (iexplore.exe)
    "2532:UDP"= 2532:UDP:Windows Media Format SDK (iexplore.exe)

    R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-09-23 38448]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-08 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-08 20560]
    R2 ServicepointService;ServicepointService;c:\program files\Videotron\Videotron Service Agent\ServicepointService.exe [2009-10-30 578800]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-12-17 243056]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-26 38224]
    S3 SBRE;SBRE; [x]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = Microsoft Internet Explorer
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-RegTool - c:\program files\RegTool\RegTool.exe
    HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
    MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    MSConfigStartUp-WeatherEye - c:\program files\meteo\WeatherEye.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-26 23:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x87B0A618]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf76bbfc3
    \Driver\ACPI -> ACPI.sys @ 0xf760ecb8
    \Driver\atapi -> atapi.sys @ 0xf75a07b4
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9
    ParseProcedure -> ntoskrnl.exe @ 0x8057e98a
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9
    ParseProcedure -> ntoskrnl.exe @ 0x8057e98a
    NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf74adba0
    PacketIndicateHandler -> NDIS.sys @ 0xf74bab21
    SendHandler -> NDIS.sys @ 0xf749887b
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-299502267-1580436667-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-299502267-1580436667-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:23,9f,77,23,0e,5a,f4,9e,59,5a,4f,59,1c,b3,b0,03,33,75,a5,28,f4,b9,8f,
    3d,ec,fa,84,cc,2d,2d,5a,10,d7,2a,b4,7e,47,72,60,6b,d0,d1,e1,e7,82,4b,03,24,\
    "??"=hex:fa,79,8b,58,d3,e6,92,92,79,3c,fb,5b,53,55,03,8c

    [HKEY_USERS\S-1-5-21-299502267-1580436667-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:e7,e7,41,51,97,75,a5,19,b6,82,bd,87,cb,df,1c,d3,53,96,f5,96,8c,
    37,c1,87,8e,05,39,88,3e,ba,1f,3e,0f,82,d1,d4,ad,ab,a6,ae,e8,48,4e,c4,b4,9c,\
    "rkeysecu"=hex:67,0e,b6,90,7b,80,8f,bd,15,90,07,9e,d5,6c,62,fc

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Completion time: 2009-12-26 23:35:40
    ComboFix-quarantined-files.txt 2009-12-27 04:35
    ComboFix2.txt 2008-09-05 21:39
    ComboFix3.txt 2008-09-05 21:18

    Pre-Run: 1 598 431 232 bytes free
    Post-Run: 1 797 586 944 bytes free

    Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
    - - End Of File - - 34E396BD9E40A7F12083C12C4C7B2999
    0
  13. yomenp Messages postés 78 Statut Membre
     
    je suis presentement en scan du C et E de mon ordi avec Malwarebytes' Anti-Malware
    0
  14. yomenp Messages postés 78 Statut Membre
     
    merci de pour l aide je revien demain pour plus d info merci de ton aide dédétraquer en esperant qu on vienne a bout je vais me coucher je suis claquer .
    0
  15. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut

    - Clique sur le menu démarrer/Exécuter, tape notepad à l’invite de commande et OK.

    - Copie/colle ce qui est en gras ci-dessous dans le Bloc-Notes :

    KillAll::

    Driver::
    Lavasoft Ad-Aware Service
    NMIndexingService

    FCopy::
    c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys | c:\windows\system32\drivers\atapi.sys


    - Enregistre ce fichier sur le bureau (Impératif)

    -Nom du fichier : CFScript.txt
    -Type du fichier : tous les fichiers

    - Clique sur Enregistrer et quitte le Bloc Notes

    Important Désactive ton Antivirus et antispyware avant de faire le glisser/déposer

    - Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe sur le bureau, comme sur cette capture (l’icône est un lion) :

    http://free0.hiboox.com/images/2409/9126d3b136f7db9ab6242ad715b44296.gif

    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    @++ :)
    0
  16. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    Bonjour ;

    Pour suivre..
    0
  17. yomenp Messages postés 78 Statut Membre
     
    voici un rapport de mon

    Malwarebytes' Anti-Malware 1.42

    Malwarebytes' Anti-Malware 1.42
    Version de la base de données: 3437
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    2009-12-27 09:37:46
    mbam-log-2009-12-27 (09-37-46).txt

    Type de recherche: Examen complet (C:\|E:\|)
    Eléments examinés: 192397
    Temps écoulé: 35 minute(s), 43 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 5
    Fichier(s) infecté(s): 220

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcgg0j0ee4n (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\User\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020 (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\User\Application Data\RegTool\spy_ignore.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\Logs\2009-04-29 22-09-440.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-102.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-103.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-104.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-105.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-106.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-107.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-108.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-109.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-110.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-111.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-112.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-113.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-114.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-115.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-116.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-117.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-118.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-119.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-120.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-121.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-122.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-123.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-124.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-125.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-126.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-127.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-128.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-129.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-130.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-131.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-132.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-133.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-134.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-135.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-136.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-137.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-138.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-139.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-140.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-141.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-142.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-143.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-144.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-145.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-146.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-147.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-148.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-149.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-150.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-151.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-152.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-153.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-154.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-155.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-156.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-157.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-158.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-159.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-160.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-161.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-162.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-163.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-164.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-165.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-166.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-167.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-168.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-169.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-170.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-171.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-172.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-173.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-174.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-175.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-176.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-177.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-178.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-179.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-180.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-181.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-182.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-183.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-184.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-185.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-186.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-187.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-188.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-189.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-190.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-191.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-192.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-193.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-194.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-195.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-196.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-197.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-198.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-199.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-200.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-201.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-202.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-203.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-204.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-205.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-206.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-207.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-208.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-209.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-210.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-211.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\Results\Evidence.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\Results\Junk.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\Results\Registry.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Application Data\RegTool\Results\Update.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
    0
  18. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut yomenp

    Faire la procédure de mon dernier message

    @++ :)
    0
  19. yomenp Messages postés 78 Statut Membre
     
    merci j'ai fait la procédure que tu m'as demander même probleme

    Impossible comme tu m as dit Désactive ton Antivirus et antispyware c est fait toujours le même message

    you cannot remame combofix as combofix
    please use another name ,preferbaly made up of alphanumeric characters

    j ai juste fait comme tu m'as dit pourtant .sur mon bureau le fichier bien ecrit glisser et pouf ce probleme de name .
    0
  20. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut yomenp

    Télécharge load_tdsskiller de Loup Blanc sur ton Bureau :
    http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

    Cet outil est conçu pour automatiser différentes tâches proposées par TDSSKiller, un fix de Kaspersky.

    - Lance load_tdsskiller en double-cliquant dessus : l'outil va se connecter au Net pour télécharger une copie à jour de TDSSKiller, puis va lancer le scan

    - A la fin du scan, appuie sur une touche pour continuer, comme l'indique le message dans la fenêtre noire d'invite de commande
    - Le rapport s'affichera automatiquement : copie-colle son contenu dans ta prochaine réponse (le fichier est également présent ici : C:\tdsskiller\report.txt)
    - Fais redémarrer ton PC

    @++ :)
    0
  21. yomenp Messages postés 78 Statut Membre
     
    voici le rapport

    fradesch.......

    10:59:37:859 2324 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
    10:59:37:859 2324 ================================================================================
    10:59:37:859 2324 SystemInfo:

    10:59:37:859 2324 OS Version: 5.1.2600 ServicePack: 2.0
    10:59:37:859 2324 Product type: Workstation
    10:59:37:859 2324 ComputerName: HOME_PC
    10:59:37:859 2324 UserName: User
    10:59:37:859 2324 Windows directory: C:\WINDOWS
    10:59:37:859 2324 Processor architecture: Intel x86
    10:59:37:859 2324 Number of processors: 2
    10:59:37:859 2324 Page size: 0x1000
    10:59:37:859 2324 Boot type: Normal boot
    10:59:37:859 2324 ================================================================================
    10:59:37:859 2324 ForceUnloadDriver: NtUnloadDriver error 2
    10:59:37:859 2324 ForceUnloadDriver: NtUnloadDriver error 2
    10:59:37:859 2324 ForceUnloadDriver: NtUnloadDriver error 2
    10:59:37:875 2324 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
    10:59:37:875 2324 main: Driver KLMD successfully dropped
    10:59:37:921 2324 main: Driver KLMD successfully loaded
    10:59:37:921 2324
    Scanning Registry ...
    10:59:37:921 2324 ScanServices: Searching service UACd.sys
    10:59:37:921 2324 ScanServices: Open/Create key error 2
    10:59:37:921 2324 ScanServices: Searching service TDSSserv.sys
    10:59:37:921 2324 ScanServices: Open/Create key error 2
    10:59:37:921 2324 ScanServices: Searching service gaopdxserv.sys
    10:59:37:921 2324 ScanServices: Open/Create key error 2
    10:59:37:921 2324 ScanServices: Searching service gxvxcserv.sys
    10:59:37:921 2324 ScanServices: Open/Create key error 2
    10:59:37:921 2324 ScanServices: Searching service MSIVXserv.sys
    10:59:37:921 2324 ScanServices: Open/Create key error 2
    10:59:37:921 2324 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
    10:59:37:937 2324 UnhookRegistry: Kernel local addr: BC0000
    10:59:37:937 2324 UnhookRegistry: KeServiceDescriptorTable addr: C4C500
    10:59:38:031 2324 UnhookRegistry: KiServiceTable addr: BCDF40
    10:59:38:031 2324 UnhookRegistry: NtEnumerateKey service number (local): 47
    10:59:38:031 2324 UnhookRegistry: NtEnumerateKey local addr: C6369E
    10:59:38:031 2324 KLMD_OpenDevice: Trying to open KLMD device
    10:59:38:031 2324 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
    10:59:38:031 2324 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
    10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x804E3C9C[0x4]
    10:59:38:031 2324 UnhookRegistry: NtEnumerateKey service number (kernel): 47
    10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x804E505C[0x4]
    10:59:38:031 2324 UnhookRegistry: NtEnumerateKey real addr: 8057A69E
    10:59:38:031 2324 UnhookRegistry: NtEnumerateKey calc addr: 8057A69E
    10:59:38:031 2324 UnhookRegistry: No SDT hooks found on NtEnumerateKey
    10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x8057A69E[0xA]
    10:59:38:031 2324 UnhookRegistry: No splicing found on NtEnumerateKey
    10:59:38:031 2324
    Scanning Kernel memory ...
    10:59:38:031 2324 KLMD_OpenDevice: Trying to open KLMD device
    10:59:38:031 2324 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
    10:59:38:031 2324 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
    10:59:38:031 2324 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 87B03968
    10:59:38:031 2324 DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
    10:59:38:031 2324 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 87AFE030
    10:59:38:031 2324 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87AFE030
    10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x87AFE030[0x38]
    10:59:38:031 2324 DetectCureTDL3: DRIVER_OBJECT addr: 87B03968
    10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B03968[0xA8]
    10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0xE1019A98[0x208]
    10:59:38:031 2324 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (0) addr: F76CDC30
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (1) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (2) addr: F76CDC30
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (3) addr: F76C7D9B
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (4) addr: F76C7D9B
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (5) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (6) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (7) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (8) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (9) addr: F76C8366
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (10) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (11) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (12) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (13) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (14) addr: F76C844D
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (15) addr: F76CBFC3
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (16) addr: F76C8366
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (17) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (18) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (19) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (20) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (21) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (22) addr: F76C9EF3
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (23) addr: F76CEA24
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (24) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (25) addr: 804FCB6A
    10:59:38:031 2324 DetectCureTDL3: IrpHandler (26) addr: 804FCB6A
    10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
    10:59:38:031 2324 KLMD_ReadMem: DeviceIoControl error 1
    10:59:38:031 2324 TDL3_StartIoHookDetect: Unable to get StartIo handler code
    10:59:38:031 2324 TDL3_FileDetect: Processing driver: Disk
    10:59:38:031 2324 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
    10:59:38:031 2324 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
    10:59:38:031 2324 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
    10:59:38:062 2324 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 87B669D0
    10:59:38:062 2324 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87B669D0
    10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B669D0[0x38]
    10:59:38:062 2324 DetectCureTDL3: DRIVER_OBJECT addr: 87B03968
    10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B03968[0xA8]
    10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0xE1019A98[0x208]
    10:59:38:062 2324 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (0) addr: F76CDC30
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (1) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (2) addr: F76CDC30
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (3) addr: F76C7D9B
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (4) addr: F76C7D9B
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (5) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (6) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (7) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (8) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (9) addr: F76C8366
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (10) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (11) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (12) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (13) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (14) addr: F76C844D
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (15) addr: F76CBFC3
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (16) addr: F76C8366
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (17) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (18) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (19) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (20) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (21) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (22) addr: F76C9EF3
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (23) addr: F76CEA24
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (24) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (25) addr: 804FCB6A
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (26) addr: 804FCB6A
    10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
    10:59:38:062 2324 KLMD_ReadMem: DeviceIoControl error 1
    10:59:38:062 2324 TDL3_StartIoHookDetect: Unable to get StartIo handler code
    10:59:38:062 2324 TDL3_FileDetect: Processing driver: Disk
    10:59:38:062 2324 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
    10:59:38:062 2324 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
    10:59:38:062 2324 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
    10:59:38:062 2324 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 87B01AB8
    10:59:38:062 2324 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87B01AB8
    10:59:38:062 2324 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 87B04030
    10:59:38:062 2324 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87B04030
    10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B04030[0x38]
    10:59:38:062 2324 DetectCureTDL3: DRIVER_OBJECT addr: 87B00838
    10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B00838[0xA8]
    10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B6B940[0x38]
    10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B6F808[0xA8]
    10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0xE23C39B8[0x208]
    10:59:38:062 2324 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (0) addr: 87B0A618
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (1) addr: 87B0A618
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (2) addr: 87B0A618
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (3) addr: 87B0A618
    10:59:38:062 2324 DetectCureTDL3: IrpHandler (4) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (5) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (6) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (7) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (8) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (9) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (10) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (11) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (12) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (13) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (14) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (15) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (16) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (17) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (18) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (19) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (20) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (21) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (22) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (23) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (24) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (25) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: IrpHandler (26) addr: 87B0A618
    10:59:38:078 2324 DetectCureTDL3: All IRP handlers pointed to one addr: 87B0A618
    10:59:38:078 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B0A618[0x400]
    10:59:38:078 2324 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
    10:59:38:078 2324 Driver "atapi" Irp handler infected by TDSS rootkit ... 10:59:38:078 2324 KLMD_WriteMem: Trying to WriteMemory 0x87B0A67D[0xD]
    10:59:38:078 2324 cured
    10:59:38:078 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B0A4BF[0x400]
    10:59:38:078 2324 TDL3_StartIoHookDetect: CheckParameters: 7, FFDF0308, 334, 1
    10:59:38:078 2324 Driver "atapi" StartIo handler infected by TDSS rootkit ... 10:59:38:078 2324 TDL3_StartIoHookCure: Number of patches 1
    10:59:38:078 2324 KLMD_WriteMem: Trying to WriteMemory 0x87B0A5B6[0x6]
    10:59:38:078 2324 cured
    10:59:38:078 2324 TDL3_FileDetect: Processing driver: atapi
    10:59:38:078 2324 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
    10:59:38:078 2324 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
    10:59:38:078 2324 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
    10:59:38:093 2324 File C:\WINDOWS\system32\drivers\atapi.sys infected by TDSS rootkit ... 10:59:38:093 2324 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
    10:59:38:093 2324 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
    10:59:38:093 2324 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\Drivers\atapi.tsk
    10:59:38:171 2324 TDL3_FileCure: Image path (system32\Drivers\atapi.tsk) was set for service (SYSTEM\CurrentControlSet\Services\atapi)
    10:59:38:171 2324 TDL3_FileCure: KLMD_PendCopyFileW (C:\WINDOWS\system32\Drivers\atapi.tsk, C:\WINDOWS\system32\drivers\atapi.sys) success
    10:59:38:171 2324 will be cured on next reboot
    10:59:38:171 2324
    Completed

    Results:
    10:59:38:171 2324 Infected objects in memory: 2
    10:59:38:171 2324 Cured objects in memory: 2
    10:59:38:171 2324 Infected objects on disk: 1
    10:59:38:171 2324 Objects on disk cured on reboot: 1
    10:59:38:171 2324 Objects on disk deleted on reboot: 0
    10:59:38:171 2324 Registry nodes deleted on reboot: 0
    10:59:38:171 2324
    0
  • 1
  • 2
  • 3